DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/main' into pie

Browse source 
Changed text as commented in PR
Added client response e2e tests
This commit is contained in:
Christoph Hartmann 2023-11-10 21:43:36 +01:00
commit 0fd5b19c1b
122 changed files with 1171 additions and 1731 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
.github/workflows/ci.yaml vendored
View file

@ -42,7 +42,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -69,7 +69,7 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go - name: Set up Go
id: go id: go
@ -90,7 +90,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go - name: Set up Go
id: go id: go
@ -155,7 +155,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Go - name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
@ -230,7 +230,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache - name: cache
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@ -278,7 +278,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache - name: cache
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@ -329,7 +329,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache - name: cache
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@ -372,7 +372,7 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64 PLATFORMS: linux/amd64,linux/arm64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -409,7 +409,7 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64 PLATFORMS: linux/amd64,linux/arm64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -481,7 +481,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images

4
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0 uses: actions/dependency-review-action@9f45b2463b475767b61721ccfef113fef513e6aa # v3.1.1

4
.github/workflows/docs.yaml vendored
View file

@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -47,7 +47,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Deploy - name: Deploy
uses: ./.github/actions/mkdocs uses: ./.github/actions/mkdocs

2
.github/workflows/golangci-lint.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go - name: Set up Go
id: go id: go

6
.github/workflows/helm.yaml vendored
View file

@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run Artifact Hub lint - name: Run Artifact Hub lint
run: | run: |
@ -61,7 +61,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0 fetch-depth: 0
@ -73,7 +73,7 @@ jobs:
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Helm Chart Releaser - name: Helm Chart Releaser
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
env: env:
CR_SKIP_EXISTING: true CR_SKIP_EXISTING: true
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

2
.github/workflows/junit-reports.yaml vendored
View file

@ -9,7 +9,7 @@ jobs:
report: report:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 - uses: dorny/test-reporter@afe6793191b75b608954023a46831a3fe10048d4 # v1.7.0
with: with:
artifact: /e2e-test-reports-(.*)/ artifact: /e2e-test-reports-(.*)/
name: JEST Tests $1 # Name of the check run which will be created name: JEST Tests $1 # Name of the check run which will be created

2
.github/workflows/perftest.yaml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install K6 - name: Install K6
run: | run: |

2
.github/workflows/plugin.yaml vendored
View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0

4
.github/workflows/scorecards.yml vendored
View file

@ -27,12 +27,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif

6
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }} versions: ${{ steps.version.outputs.TAGS }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
@ -52,7 +52,7 @@ jobs:
versions: ${{ fromJSON(needs.version.outputs.versions) }} versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- shell: bash - shell: bash
id: test id: test
@ -60,7 +60,7 @@ jobs:
- name: Scan image with AquaSec/Trivy - name: Scan image with AquaSec/Trivy
id: scan id: scan
uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0 uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # v0.13.1
with: with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif' format: 'sarif'

9
README.md
View file

@ -38,16 +38,17 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|:--:|-----------------------|------------------------------|----------------|---------------|------------------------------| |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
| 🔄 | **v1.9.3** | 1.28, 1.27,1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.4** | 1.28, 1.27,1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3* |
| 🔄 | **v1.9.1** | 1.28, 1.27,1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.3** | 1.28, 1.27,1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| 🔄 | **v1.9.1** | 1.28, 1.27,1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| 🔄 | **v1.9.0** | 1.28, 1.27,1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.0** | 1.28, 1.27,1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* |
| 🔄 | **v1.8.2** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | **v1.8.4** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | | 🔄 | **v1.8.4** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | **v1.8.2** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | **v1.8.1** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | | 🔄 | **v1.8.1** | 1.27,1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | **v1.8.0** | 1.27,1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* | | 🔄 | **v1.8.0** | 1.27,1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* |
| 🔄 | **v1.7.1** | 1.27,1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | 🔄 | **v1.7.1** | 1.27,1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| 🔄 | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | 🔄 | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| | **v1.6.4** | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | | | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* |
| | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* |
| | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 |
| | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 | | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 |

2
TAG
View file

@ -1 +1 @@
v1.9.3 v1.9.4

13
changelog/Changelog-1.9.4.md Normal file
View file

@ -0,0 +1,13 @@
# Changelog
### 1.9.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
### All Changes:
* Cherry pick fcgi fix and release v1.9.4 (#10544)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4

7
charts/ingress-nginx/Chart.yaml
View file

@ -1,10 +1,9 @@
annotations: annotations:
artifacthub.io/changes: |- artifacthub.io/changes: |-
- "update nginx base, httpbun, e2e, helm webhook cert gen (#10506)" - "Update Ingress-Nginx version controller-v1.9.4"
- "Update Ingress-Nginx version controller-v1.9.3"
artifacthub.io/prerelease: "false" artifacthub.io/prerelease: "false"
apiVersion: v2 apiVersion: v2
appVersion: 1.9.3 appVersion: 1.9.4
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer load balancer
home: https://github.com/kubernetes/ingress-nginx home: https://github.com/kubernetes/ingress-nginx
@ -20,4 +19,4 @@ maintainers:
name: ingress-nginx name: ingress-nginx
sources: sources:
- https://github.com/kubernetes/ingress-nginx - https://github.com/kubernetes/ingress-nginx
version: 4.8.2 version: 4.8.3

42
charts/ingress-nginx/README.md
View file

@ -2,7 +2,7 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.8.2](https://img.shields.io/badge/Version-4.8.2-informational?style=flat-square) ![AppVersion: 1.9.3](https://img.shields.io/badge/AppVersion-1.9.3-informational?style=flat-square) ![Version: 4.8.3](https://img.shields.io/badge/Version-4.8.3-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
@ -240,14 +240,16 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.admissionWebhooks.certManager.enabled | bool | `false` | | | controller.admissionWebhooks.certManager.enabled | bool | `false` | |
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | | | controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.enabled | bool | `true` | |
| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use | | controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
| controller.admissionWebhooks.name | string | `"admission"` | |
| controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | |
@ -260,12 +262,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | |
| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | |
| controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | |
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.port | int | `8443` | | | controller.admissionWebhooks.port | int | `8443` | |
| controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | |
@ -288,6 +289,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
| controller.containerName | string | `"controller"` | Configures the controller container name | | controller.containerName | string | `"controller"` | Configures the controller container name |
| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
| controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | | | controller.customTemplate.configMapName | string | `""` | |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
@ -312,15 +314,18 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.hostPort.ports.http | int | `80` | 'hostPort' http port | | controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
| controller.hostPort.ports.https | int | `443` | 'hostPort' https port | | controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
| controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | | | controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98"` | | | controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` | |
| controller.image.digestChroot | string | `"sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86"` | | | controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
| controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.registry | string | `"registry.k8s.io"` | |
| controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | | | controller.image.runAsUser | int | `101` | |
| controller.image.tag | string | `"v1.9.3"` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.9.4"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
@ -376,12 +381,19 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.opentelemetry.distroless | bool | `true` | |
| controller.opentelemetry.enabled | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | | controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | |
| controller.opentelemetry.name | string | `"opentelemetry"` | |
| controller.opentelemetry.resources | object | `{}` | | | controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.podSecurityContext | object | `{}` | Security context for controller pods |
| controller.priorityClassName | string | `""` | | | controller.priorityClassName | string | `""` | |
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers | | controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. | | controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
@ -431,7 +443,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.service.targetPorts.https | string | `"https"` | | | controller.service.targetPorts.https | string | `"https"` | |
| controller.service.type | string | `"LoadBalancer"` | | | controller.service.type | string | `"LoadBalancer"` | |
| controller.shareProcessNamespace | bool | `false` | | | controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | | controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # |
@ -448,7 +460,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| defaultBackend.autoscaling.minReplicas | int | `1` | | | defaultBackend.autoscaling.minReplicas | int | `1` | |
| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
| defaultBackend.enabled | bool | `false` | | | defaultBackend.enabled | bool | `false` | |
| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| defaultBackend.extraArgs | object | `{}` | | | defaultBackend.extraArgs | object | `{}` | |
@ -462,6 +474,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| defaultBackend.image.registry | string | `"registry.k8s.io"` | | | defaultBackend.image.registry | string | `"registry.k8s.io"` | |
| defaultBackend.image.runAsNonRoot | bool | `true` | | | defaultBackend.image.runAsNonRoot | bool | `true` | |
| defaultBackend.image.runAsUser | int | `65534` | | | defaultBackend.image.runAsUser | int | `65534` | |
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| defaultBackend.image.tag | string | `"1.5"` | | | defaultBackend.image.tag | string | `"1.5"` | |
| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources | | defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
| defaultBackend.livenessProbe.failureThreshold | int | `3` | | | defaultBackend.livenessProbe.failureThreshold | int | `3` | |
@ -476,7 +489,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # | | defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # |
| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods |
| defaultBackend.port | int | `8080` | | | defaultBackend.port | int | `8080` | |
| defaultBackend.priorityClassName | string | `""` | | | defaultBackend.priorityClassName | string | `""` | |
| defaultBackend.readinessProbe.failureThreshold | int | `6` | | | defaultBackend.readinessProbe.failureThreshold | int | `6` | |
@ -498,6 +511,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
| podSecurityPolicy.enabled | bool | `false` | | | podSecurityPolicy.enabled | bool | `false` | |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
| rbac.create | bool | `true` | | | rbac.create | bool | `true` | |

8
charts/ingress-nginx/changelog/Changelog-4.8.3.md Normal file
View file

@ -0,0 +1,8 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.8.3
* Update Ingress-Nginx version controller-v1.9.4
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.2...helm-chart-4.8.3

18
charts/ingress-nginx/templates/NOTES.txt
View file

@ -6,24 +6,24 @@ Get the application URL by running these commands:
{{- if (not (empty .Values.controller.service.nodePorts.http)) }} {{- if (not (empty .Values.controller.service.nodePorts.http)) }}
export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
{{- else }} {{- else }}
export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) export HTTP_NODE_PORT=$(kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output jsonpath="{.spec.ports[0].nodePort}")
{{- end }} {{- end }}
{{- if (not (empty .Values.controller.service.nodePorts.https)) }} {{- if (not (empty .Values.controller.service.nodePorts.https)) }}
export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
{{- else }} {{- else }}
export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) export HTTPS_NODE_PORT=$(kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output jsonpath="{.spec.ports[1].nodePort}")
{{- end }} {{- end }}
export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") export NODE_IP="$(kubectl get nodes --output jsonpath="{.items[0].status.addresses[1].address}")"
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." echo "Visit http://${NODE_IP}:${HTTP_NODE_PORT} to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." echo "Visit https://${NODE_IP}:${HTTPS_NODE_PORT} to access your application via HTTPS."
{{- else if contains "LoadBalancer" .Values.controller.service.type }} {{- else if contains "LoadBalancer" .Values.controller.service.type }}
It may take a few minutes for the LoadBalancer IP to be available. It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' You can watch the status by running 'kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output wide --watch'
{{- else if contains "ClusterIP" .Values.controller.service.type }} {{- else if contains "ClusterIP" .Values.controller.service.type }}
Get the application URL by running these commands: Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") export POD_NAME="$(kubectl get pods --namespace {{ include "ingress-nginx.namespace" . }} --selector app.kubernetes.io/name={{ include "ingress-nginx.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=controller --output jsonpath="{.items[0].metadata.name}")"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 kubectl port-forward --namespace {{ include "ingress-nginx.namespace" . }} "${POD_NAME}" 8080:80
echo "Visit http://127.0.0.1:8080 to access your application." echo "Visit http://127.0.0.1:8080 to access your application."
{{- end }} {{- end }}

103
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -30,25 +30,40 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "ingress-nginx.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Container SecurityContext. Controller container security context.
*/}} */}}
{{- define "controller.containerSecurityContext" -}} {{- define "ingress-nginx.controller.containerSecurityContext" -}}
{{- if .Values.controller.containerSecurityContext -}} {{- if .Values.controller.containerSecurityContext -}}
{{- toYaml .Values.controller.containerSecurityContext -}} {{- toYaml .Values.controller.containerSecurityContext -}}
{{- else -}} {{- else -}}
runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
runAsUser: {{ .Values.controller.image.runAsUser }}
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
{{- end }}
capabilities: capabilities:
drop: drop:
- ALL - ALL
add: add:
- NET_BIND_SERVICE - NET_BIND_SERVICE
{{- if .Values.controller.image.chroot }} {{- if .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
- SYS_ADMIN
{{- end }}
- SYS_CHROOT - SYS_CHROOT
{{- end }} {{- end }}
runAsUser: {{ .Values.controller.image.runAsUser }} readOnlyRootFilesystem: {{ .Values.controller.image.readOnlyRootFilesystem }}
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} {{- end -}}
{{- end }}
{{- end -}} {{- end -}}
{{/* {{/*
@ -102,7 +117,6 @@ By convention this will simply use the <namespace>/<controller-name> to match th
service generated. service generated.
Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride` Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
*/}} */}}
{{- define "ingress-nginx.controller.publishServicePath" -}} {{- define "ingress-nginx.controller.publishServicePath" -}}
{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}} {{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}}
@ -110,14 +124,6 @@ Users can provide an override for an explicit service they want bound via `.Valu
{{- print $servicePath | trimSuffix "-" -}} {{- print $servicePath | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/*
Create a default fully qualified default backend name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.defaultBackend.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Common labels Common labels
*/}} */}}
@ -153,6 +159,38 @@ Create the name of the controller service account to use
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Create a default fully qualified admission webhook name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.admissionWebhooks.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified admission webhook secret creation job name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.admissionWebhooks.createSecretJob.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.createSecretJob.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified admission webhook patch job name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patchWebhookJob.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.defaultBackend.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
*/}} */}}
@ -164,6 +202,26 @@ Create the name of the backend service account to use - only used when podsecuri
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Default backend container security context.
*/}}
{{- define "ingress-nginx.defaultBackend.containerSecurityContext" -}}
{{- if .Values.defaultBackend.containerSecurityContext -}}
{{- toYaml .Values.defaultBackend.containerSecurityContext -}}
{{- else -}}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
{{- if .Values.defaultBackend.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}
{{- end }}
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem }}
{{- end -}}
{{- end -}}
{{/* {{/*
Return the appropriate apiGroup for PodSecurityPolicy. Return the appropriate apiGroup for PodSecurityPolicy.
*/}} */}}
@ -200,18 +258,21 @@ Extra modules.
{{- define "extraModules" -}} {{- define "extraModules" -}}
- name: {{ .name }} - name: {{ .name }}
image: {{ .image }} image: {{ .image }}
{{- if .distroless | default false }} command:
command: ['/init_module'] {{- if .distroless }}
- /init_module
{{- else }} {{- else }}
command: ['sh', '-c', '/usr/local/bin/init_module.sh'] - sh
- -c
- /usr/local/bin/init_module.sh
{{- end }} {{- end }}
{{- if .containerSecurityContext }} {{- if .containerSecurityContext }}
securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }} securityContext: {{ toYaml .containerSecurityContext | nindent 4 }}
{{- end }} {{- end }}
{{- if .resources }} {{- if .resources }}
resources: {{ .resources | toYaml | nindent 4 }} resources: {{ toYaml .resources | nindent 4 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- name: {{ toYaml "modules"}} - name: modules
mountPath: {{ toYaml "/modules_mount"}} mountPath: /modules_mount
{{- end -}} {{- end -}}

16
charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
View file

@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
selfSigned: {} selfSigned: {}
--- ---
@ -15,7 +15,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-root-cert name: {{ include "ingress-nginx.fullname" . }}-root-cert
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
secretName: {{ include "ingress-nginx.fullname" . }}-root-cert secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }} duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
@ -32,7 +32,7 @@ apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-root-issuer name: {{ include "ingress-nginx.fullname" . }}-root-issuer
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
ca: ca:
secretName: {{ include "ingress-nginx.fullname" . }}-root-cert secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
@ -42,10 +42,10 @@ spec:
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
issuerRef: issuerRef:
{{- if .Values.controller.admissionWebhooks.certManager.issuerRef }} {{- if .Values.controller.admissionWebhooks.certManager.issuerRef }}
@ -55,8 +55,8 @@ spec:
{{- end }} {{- end }}
dnsNames: dnsNames:
- {{ include "ingress-nginx.controller.fullname" . }}-admission - {{ include "ingress-nginx.controller.fullname" . }}-admission
- {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }} - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}
- {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}.svc
subject: subject:
organizations: organizations:
- ingress-nginx-admission - ingress-nginx-admission

13
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -21,14 +21,13 @@ rules:
- get - get
- update - update
{{- if .Values.podSecurityPolicy.enabled }} {{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: ['extensions'] - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies'] resources: ['podsecuritypolicies']
verbs: ['use'] verbs: ['use']
resourceNames:
{{- with .Values.controller.admissionWebhooks.existingPsp }} {{- with .Values.controller.admissionWebhooks.existingPsp }}
- {{ . }} resourceNames: [{{ . }}]
{{- else }} {{- else }}
- {{ include "ingress-nginx.fullname" . }}-admission resourceNames: [{{ include "ingress-nginx.admissionWebhooks.fullname" . }}]
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

8
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -15,9 +15,9 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}

17
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
View file

@ -2,8 +2,8 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -23,7 +23,7 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }} {{- end }}
@ -50,7 +50,7 @@ spec:
- create - create
- --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE) - --namespace=$(POD_NAMESPACE)
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission - --secret-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
env: env:
- name: POD_NAMESPACE - name: POD_NAMESPACE
valueFrom: valueFrom:
@ -66,15 +66,14 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
{{- end }} {{- end }}
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.patch.securityContext }} {{- if .Values.controller.admissionWebhooks.patch.securityContext }}
securityContext: securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }}
{{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} {{- end }}
{{- end }}
{{- end }} {{- end }}

19
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View file

@ -2,8 +2,8 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": post-install,post-upgrade "helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -23,7 +23,7 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }} {{- end }}
@ -48,10 +48,10 @@ spec:
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- patch - patch
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission - --webhook-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
- --namespace=$(POD_NAMESPACE) - --namespace=$(POD_NAMESPACE)
- --patch-mutating=false - --patch-mutating=false
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission - --secret-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
env: env:
- name: POD_NAMESPACE - name: POD_NAMESPACE
@ -68,15 +68,14 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
{{- end }} {{- end }}
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.patch.securityContext }} {{- if .Values.controller.admissionWebhooks.patch.securityContext }}
securityContext: securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }}
{{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} {{- end }}
{{- end }}
{{- end }} {{- end }}

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
View file

@ -2,8 +2,8 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

49
charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
View file

@ -1,12 +1,13 @@
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} {{- if and .Values.podSecurityPolicy.enabled .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
@ -14,28 +15,38 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
allowPrivilegeEscalation: false privileged: false
hostPID: false
hostIPC: false
hostNetwork: false
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
fsGroup: fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
requiredDropCapabilities: ranges:
- ALL - min: 1
max: 65535
readOnlyRootFilesystem: true
runAsUser: runAsUser:
rule: MustRunAsNonRoot rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
seLinux: seLinux:
rule: RunAsAny rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
{{- end }} {{- end }}
{{- end }} {{- end }}

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
View file

@ -2,8 +2,8 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

10
charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
View file

@ -2,8 +2,8 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -16,9 +16,9 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
View file

@ -2,8 +2,8 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

8
charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
View file

@ -6,8 +6,8 @@ kind: ValidatingWebhookConfiguration
metadata: metadata:
annotations: annotations:
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s" (include "ingress-nginx.namespace" .) (include "ingress-nginx.admissionWebhooks.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} cert-manager.io/inject-ca-from: {{ printf "%s/%s" (include "ingress-nginx.namespace" .) (include "ingress-nginx.admissionWebhooks.fullname" .) | quote }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.annotations }} {{- if .Values.controller.admissionWebhooks.annotations }}
{{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} {{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
@ -18,7 +18,7 @@ metadata:
{{- with .Values.controller.admissionWebhooks.labels }} {{- with .Values.controller.admissionWebhooks.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
webhooks: webhooks:
- name: validate.nginx.ingress.kubernetes.io - name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent matchPolicy: Equivalent
@ -38,8 +38,8 @@ webhooks:
- v1 - v1
clientConfig: clientConfig:
service: service:
namespace: {{ .Release.Namespace | quote }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission name: {{ include "ingress-nginx.controller.fullname" . }}-admission
namespace: {{ include "ingress-nginx.namespace" . }}
path: /networking/v1/ingresses path: /networking/v1/ingresses
{{- if .Values.controller.admissionWebhooks.timeoutSeconds }} {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}

2
charts/ingress-nginx/templates/clusterrolebinding.yaml
View file

@ -15,5 +15,5 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "ingress-nginx.serviceAccountName" . }} name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-configmap-addheaders.yaml
View file

@ -9,6 +9,6 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
View file

@ -9,6 +9,6 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }} data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-configmap-tcp.yaml
View file

@ -12,6 +12,6 @@ metadata:
annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-tcp name: {{ include "ingress-nginx.fullname" . }}-tcp
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-configmap-udp.yaml
View file

@ -12,6 +12,6 @@ metadata:
annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-udp name: {{ include "ingress-nginx.fullname" . }}-udp
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
{{- end }} {{- end }}

8
charts/ingress-nginx/templates/controller-configmap.yaml
View file

@ -11,17 +11,17 @@ metadata:
annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: data:
allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
{{- if .Values.controller.addHeaders }} {{- if .Values.controller.addHeaders }}
add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
{{- end }} {{- end }}
{{- if .Values.controller.proxySetHeaders }} {{- if .Values.controller.proxySetHeaders }}
proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers proxy-set-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
{{- end }} {{- end }}
{{- if .Values.dhParam }} {{- if .Values.dhParam }}
ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.controller.config }} {{- range $key, $value := .Values.controller.config }}
{{- $key | nindent 2 }}: {{ $value | quote }} {{- $key | nindent 2 }}: {{ $value | quote }}

48
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -10,7 +10,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- if .Values.controller.annotations }} {{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }} {{- end }}
@ -60,16 +60,16 @@ spec:
{{- end }} {{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext: securityContext:
{{- end }} {{- if .Values.controller.podSecurityContext }}
{{- if .Values.controller.podSecurityContext }}
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.sysctls }} {{- if .Values.controller.sysctls }}
sysctls: sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }} {{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl | quote }} - name: {{ $sysctl | quote }}
value: {{ $value | quote }} value: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.shareProcessNamespace }} {{- if .Values.controller.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
@ -83,9 +83,8 @@ spec:
{{- if .Values.controller.lifecycle }} {{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
{{- end }} {{- end }}
args: args: {{ include "ingress-nginx.params" . | nindent 12 }}
{{- include "ingress-nginx.params" . | nindent 12 }} securityContext: {{ include "ingress-nginx.controller.containerSecurityContext" . | nindent 12 }}
securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
env: env:
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
@ -150,11 +149,11 @@ spec:
volumeMounts: volumeMounts:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
- name: modules - name: modules
{{ if .Values.controller.image.chroot }} {{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount mountPath: /chroot/modules_mount
{{ else }} {{- else }}
mountPath: /modules_mount mountPath: /modules_mount
{{ end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.customTemplate.configMapName }} {{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template - mountPath: /etc/nginx/template
@ -174,24 +173,25 @@ spec:
resources: {{ toYaml .Values.controller.resources | nindent 12 }} resources: {{ toYaml .Values.controller.resources | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.controller.extraContainers }} {{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 8 }} {{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
initContainers: initContainers:
{{- if .Values.controller.extraInitContainers }} {{- if .Values.controller.extraInitContainers }}
{{ toYaml .Values.controller.extraInitContainers | nindent 8 }} {{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.extraModules }} {{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }} {{- range .Values.controller.extraModules }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }} {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}}
{{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{ $otelResources := $.Values.controller.opentelemetry.resources | default dict }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true "resources" $otelResources) | nindent 8}}
{{- end}}
{{- end }} {{- end }}
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
@ -227,7 +227,7 @@ spec:
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert - name: webhook-cert
secret: secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
items: items:
- key: tls.crt - key: tls.crt

48
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -10,7 +10,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- if .Values.controller.annotations }} {{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }} {{- end }}
@ -63,16 +63,16 @@ spec:
{{- end }} {{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext: securityContext:
{{- end }} {{- if .Values.controller.podSecurityContext }}
{{- if .Values.controller.podSecurityContext }}
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.sysctls }} {{- if .Values.controller.sysctls }}
sysctls: sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }} {{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl | quote }} - name: {{ $sysctl | quote }}
value: {{ $value | quote }} value: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.shareProcessNamespace }} {{- if .Values.controller.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
@ -86,9 +86,8 @@ spec:
{{- if .Values.controller.lifecycle }} {{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
{{- end }} {{- end }}
args: args: {{ include "ingress-nginx.params" . | nindent 12 }}
{{- include "ingress-nginx.params" . | nindent 12 }} securityContext: {{ include "ingress-nginx.controller.containerSecurityContext" . | nindent 12 }}
securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
env: env:
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
@ -153,11 +152,11 @@ spec:
volumeMounts: volumeMounts:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
- name: modules - name: modules
{{ if .Values.controller.image.chroot }} {{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount mountPath: /chroot/modules_mount
{{ else }} {{- else }}
mountPath: /modules_mount mountPath: /modules_mount
{{ end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.customTemplate.configMapName }} {{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template - mountPath: /etc/nginx/template
@ -177,24 +176,25 @@ spec:
resources: {{ toYaml .Values.controller.resources | nindent 12 }} resources: {{ toYaml .Values.controller.resources | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.controller.extraContainers }} {{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 8 }} {{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
initContainers: initContainers:
{{- if .Values.controller.extraInitContainers }} {{- if .Values.controller.extraInitContainers }}
{{ toYaml .Values.controller.extraInitContainers | nindent 8 }} {{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.extraModules }} {{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }} {{- range .Values.controller.extraModules }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }} {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}}
{{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{ $otelResources := $.Values.controller.opentelemetry.resources | default dict }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true "resources" $otelResources) | nindent 8}}
{{- end}}
{{- end }} {{- end }}
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
@ -230,7 +230,7 @@ spec:
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert - name: webhook-cert
secret: secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
items: items:
- key: tls.crt - key: tls.crt

2
charts/ingress-nginx/templates/controller-hpa.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
scaleTargetRef: scaleTargetRef:
apiVersion: apps/v1 apiVersion: apps/v1

3
charts/ingress-nginx/templates/controller-keda.yaml
View file

@ -1,6 +1,4 @@
{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}} {{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}}
# https://keda.sh/docs/
apiVersion: {{ .Values.controller.keda.apiVersion }} apiVersion: {{ .Values.controller.keda.apiVersion }}
kind: ScaledObject kind: ScaledObject
metadata: metadata:
@ -11,6 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- if .Values.controller.keda.scaledObject.annotations }} {{- if .Values.controller.keda.scaledObject.annotations }}
annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-networkpolicy.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:

2
charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- if .Values.controller.annotations }} {{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }} {{- end }}

4
charts/ingress-nginx/templates/controller-prometheusrules.yaml
View file

@ -4,7 +4,9 @@ kind: PrometheusRule
metadata: metadata:
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.metrics.prometheusRule.namespace }} {{- if .Values.controller.metrics.prometheusRule.namespace }}
namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}

142
charts/ingress-nginx/templates/controller-psp.yaml
View file

@ -4,6 +4,8 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }} name: {{ include "ingress-nginx.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
@ -11,84 +13,88 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
allowedCapabilities:
- NET_BIND_SERVICE
{{- if .Values.controller.image.chroot }}
- SYS_CHROOT
{{- end }}
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- {{ $sysctl }}
{{- end }}
{{- end }}
privileged: false privileged: false
allowPrivilegeEscalation: true hostPID: false
# Allow core volume types. hostIPC: false
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }} {{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
hostPorts: hostPorts:
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
{{- range $key, $value := .Values.controller.containerPort }} {{- range $key, $value := .Values.controller.containerPort }}
# {{ $key }} # controller.containerPort.{{ $key }}
- min: {{ $value }} - min: {{ $value }}
max: {{ $value }} max: {{ $value }}
{{- end }}
{{- else if .Values.controller.hostPort.enabled }}
{{- range $key, $value := .Values.controller.hostPort.ports }}
# controller.hostPort.ports.{{ $key }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
# controller.metrics.port
- min: {{ .Values.controller.metrics.port }}
max: {{ .Values.controller.metrics.port }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
# controller.admissionWebhooks.port
- min: {{ .Values.controller.admissionWebhooks.port }}
max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
# tcp.{{ $key }}
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
# udp.{{ $key }}
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- end }} {{- end }}
{{- else if .Values.controller.hostPort.enabled }} volumes:
{{- range $key, $value := .Values.controller.hostPort.ports }} - configMap
# {{ $key }} - downwardAPI
- min: {{ $value }} - emptyDir
max: {{ $value }} - secret
{{- end }} - projected
{{- end }}
{{- if .Values.controller.metrics.enabled }}
# metrics
- min: {{ .Values.controller.metrics.port }}
max: {{ .Values.controller.metrics.port }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
# admission webhooks
- min: {{ .Values.controller.admissionWebhooks.port }}
max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
# {{ $key }}-tcp
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
# {{ $key }}-udp
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- end }}
hostIPC: false
hostPID: false
runAsUser:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup: fsGroup:
rule: 'MustRunAs' rule: MustRunAs
ranges: ranges:
# Forbid adding the root group.
- min: 1 - min: 1
max: 65535 max: 65535
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
requiredDropCapabilities:
- ALL
allowedCapabilities:
- NET_BIND_SERVICE
{{- if .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
- SYS_ADMIN
{{- end }}
- SYS_CHROOT
{{- end }}
seLinux: seLinux:
rule: 'RunAsAny' rule: RunAsAny
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- {{ $sysctl }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-role.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }} name: {{ include "ingress-nginx.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""

4
charts/ingress-nginx/templates/controller-rolebinding.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }} name: {{ include "ingress-nginx.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -17,5 +17,5 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "ingress-nginx.serviceAccountName" . }} name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-secret.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
data: data:
dhparam.pem: {{ .Values.dhParam }} dhparam.pem: {{ .Values.dhParam }}
{{- end }} {{- end }}

5
charts/ingress-nginx/templates/controller-service-internal.yaml
View file

@ -13,9 +13,12 @@ metadata:
{{- toYaml .Values.controller.service.labels | nindent 4 }} {{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-internal name: {{ include "ingress-nginx.controller.fullname" . }}-internal
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: "{{ .Values.controller.service.type }}" type: "{{ .Values.controller.service.type }}"
{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.controller.service.internal.loadBalancerIP }} {{- if .Values.controller.service.internal.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-service-metrics.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-metrics name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: {{ .Values.controller.metrics.service.type }} type: {{ .Values.controller.metrics.service.type }}
{{- if .Values.controller.metrics.service.clusterIP }} {{- if .Values.controller.metrics.service.clusterIP }}

2
charts/ingress-nginx/templates/controller-service-webhook.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission name: {{ include "ingress-nginx.controller.fullname" . }}-admission
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: {{ .Values.controller.admissionWebhooks.service.type }} type: {{ .Values.controller.admissionWebhooks.service.type }}
{{- if .Values.controller.admissionWebhooks.service.clusterIP }} {{- if .Values.controller.admissionWebhooks.service.clusterIP }}

5
charts/ingress-nginx/templates/controller-service.yaml
View file

@ -13,9 +13,12 @@ metadata:
{{- toYaml .Values.controller.service.labels | nindent 4 }} {{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: {{ .Values.controller.service.type }} type: {{ .Values.controller.service.type }}
{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.controller.service.clusterIP }} {{- if .Values.controller.service.clusterIP }}
clusterIP: {{ .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/controller-serviceaccount.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ template "ingress-nginx.serviceAccountName" . }} name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- if .Values.serviceAccount.annotations }} {{- if .Values.serviceAccount.annotations }}
annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
{{- end }} {{- end }}

6
charts/ingress-nginx/templates/controller-servicemonitor.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceMonitor
metadata: metadata:
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }} {{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- else }} {{- else }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
@ -35,7 +35,7 @@ spec:
{{- else }} {{- else }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace }} - {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }} {{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
targetLabels: targetLabels:

11
charts/ingress-nginx/templates/default-backend-deployment.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -65,14 +65,7 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
securityContext: securityContext: {{ include "ingress-nginx.defaultBackend.containerSecurityContext" . | nindent 12 }}
capabilities:
drop:
- ALL
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
{{- if .Values.defaultBackend.extraEnvs }} {{- if .Values.defaultBackend.extraEnvs }}
env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }} env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/default-backend-hpa.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
scaleTargetRef: scaleTargetRef:
apiVersion: apps/v1 apiVersion: apps/v1

2
charts/ingress-nginx/templates/default-backend-networkpolicy.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:

2
charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
View file

@ -10,7 +10,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
selector: selector:
matchLabels: matchLabels:

46
charts/ingress-nginx/templates/default-backend-psp.yaml
View file

@ -4,6 +4,8 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-backend name: {{ include "ingress-nginx.fullname" . }}-backend
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend app.kubernetes.io/component: default-backend
@ -11,28 +13,38 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
allowPrivilegeEscalation: false privileged: false
hostPID: false
hostIPC: false
hostNetwork: false
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
fsGroup: fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
requiredDropCapabilities: ranges:
- ALL - min: 1
max: 65535
readOnlyRootFilesystem: true
runAsUser: runAsUser:
rule: MustRunAsNonRoot rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
seLinux: seLinux:
rule: RunAsAny rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
{{- end }} {{- end }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/default-backend-role.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-backend name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
rules: rules:
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies'] resources: ['podsecuritypolicies']

4
charts/ingress-nginx/templates/default-backend-rolebinding.yaml
View file

@ -9,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-backend name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -17,5 +17,5 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/default-backend-service.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: {{ .Values.defaultBackend.service.type }} type: {{ .Values.defaultBackend.service.type }}
{{- if .Values.defaultBackend.service.clusterIP }} {{- if .Values.defaultBackend.service.clusterIP }}

2
charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
View file

@ -9,6 +9,6 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ include "ingress-nginx.namespace" . }}
automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
{{- end }} {{- end }}

106
charts/ingress-nginx/values.yaml
View file

@ -7,6 +7,9 @@
# nameOverride: # nameOverride:
# fullnameOverride: # fullnameOverride:
# -- Override the deployment namespace; defaults to .Release.Namespace
namespaceOverride: ""
## Labels to apply to all resources ## Labels to apply to all resources
## ##
commonLabels: {} commonLabels: {}
@ -24,13 +27,17 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: "v1.9.3" tag: "v1.9.4"
digest: sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 digest: sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
digestChroot: sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86 digestChroot: sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
runAsNonRoot: true
# www-data -> uid 101 # www-data -> uid 101
runAsUser: 101 runAsUser: 101
allowPrivilegeEscalation: true allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: false
# -- Use an existing PSP instead of creating one # -- Use an existing PSP instead of creating one
existingPsp: "" existingPsp: ""
# -- Configures the controller container name # -- Configures the controller container name
@ -124,12 +131,15 @@ controller:
podLabels: {} podLabels: {}
# key: value # key: value
# -- Security Context policies for controller pods # -- Security context for controller pods
podSecurityContext: {} podSecurityContext: {}
# -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # -- sysctls for controller pods
## Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
sysctls: {} sysctls: {}
# sysctls: # sysctls:
# "net.core.somaxconn": "8192" # "net.core.somaxconn": "8192"
# -- Security context for controller containers
containerSecurityContext: {}
# -- Allows customization of the source of the IP address or FQDN to report # -- Allows customization of the source of the IP address or FQDN to report
# in the ingress status field. By default, it reads the information provided # in the ingress status field. By default, it reads the information provided
@ -170,6 +180,9 @@ controller:
extraArgs: {} extraArgs: {}
## extraArgs: ## extraArgs:
## default-ssl-certificate: "<namespace>/<secret_name>" ## default-ssl-certificate: "<namespace>/<secret_name>"
## time-buckets: "0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
## length-buckets: "10,20,30,40,50,60,70,80,90,100"
## size-buckets: "10,100,1000,10000,100000,1e+06,1e+07"
# -- Additional environment variables to set # -- Additional environment variables to set
extraEnvs: [] extraEnvs: []
@ -336,7 +349,7 @@ controller:
# -- Minimum available pods set in PodDisruptionBudget. # -- Minimum available pods set in PodDisruptionBudget.
# Define either 'minAvailable' or 'maxUnavailable', never both. # Define either 'minAvailable' or 'maxUnavailable', never both.
minAvailable: 1 minAvailable: 1
# -- Maximum unavalaile pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored.
# maxUnavailable: 1 # maxUnavailable: 1
## Define requests resources to avoid probe issues due to CPU utilization in busy nodes ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes
@ -449,6 +462,9 @@ controller:
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
## ##
externalIPs: [] externalIPs: []
# -- Set to false to disable loadbalancer node port allocation
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
# allocateLoadBalancerNodePorts: true
# -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: "" loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
@ -504,6 +520,9 @@ controller:
enabled: false enabled: false
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine.
annotations: {} annotations: {}
# -- Set to false to disable loadbalancer node port allocation
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
# allocateLoadBalancerNodePorts: true
# -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. # -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS.
loadBalancerIP: "" loadBalancerIP: ""
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
@ -569,8 +588,18 @@ controller:
extraModules: [] extraModules: []
# - name: mytestmodule # - name: mytestmodule
# image: registry.k8s.io/ingress-nginx/mytestmodule # image: registry.k8s.io/ingress-nginx/mytestmodule
# distroless: false
# containerSecurityContext: # containerSecurityContext:
# runAsNonRoot: true
# runAsUser: <user-id>
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
# seccompProfile:
# type: RuntimeDefault
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# resources: {}
# #
# The image must contain a `/usr/local/bin/init_module.sh` executable, which # The image must contain a `/usr/local/bin/init_module.sh` executable, which
# will be executed as initContainers, to move its config files within the # will be executed as initContainers, to move its config files within the
@ -578,11 +607,23 @@ controller:
opentelemetry: opentelemetry:
enabled: false enabled: false
name: opentelemetry
image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
distroless: true
containerSecurityContext: containerSecurityContext:
runAsNonRoot: true
# -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`.
runAsUser: 65532
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: {} resources: {}
admissionWebhooks: admissionWebhooks:
name: admission
annotations: {} annotations: {}
# ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".
@ -619,8 +660,18 @@ controller:
servicePort: 443 servicePort: 443
type: ClusterIP type: ClusterIP
createSecretJob: createSecretJob:
name: create
# -- Security context for secret creation containers
securityContext: securityContext:
runAsNonRoot: true
runAsUser: 65532
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: {} resources: {}
# limits: # limits:
# cpu: 10m # cpu: 10m
@ -629,8 +680,18 @@ controller:
# cpu: 10m # cpu: 10m
# memory: 20Mi # memory: 20Mi
patchWebhookJob: patchWebhookJob:
name: patch
# -- Security context for webhook patch containers
securityContext: securityContext:
runAsNonRoot: true
runAsUser: 65532
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: {} resources: {}
patch: patch:
enabled: true enabled: true
@ -652,10 +713,8 @@ controller:
tolerations: [] tolerations: []
# -- Labels to be added to patch job resources # -- Labels to be added to patch job resources
labels: {} labels: {}
securityContext: # -- Security context for secret creation & webhook patch pods
runAsNonRoot: true securityContext: {}
runAsUser: 2000
fsGroup: 2000
# Use certmanager to generate webhook certs # Use certmanager to generate webhook certs
certManager: certManager:
enabled: false enabled: false
@ -699,7 +758,7 @@ controller:
## jobLabel: "app.kubernetes.io/name" ## jobLabel: "app.kubernetes.io/name"
namespace: "" namespace: ""
namespaceSelector: {} namespaceSelector: {}
## Default: scrape .Release.Namespace only ## Default: scrape .Release.Namespace or namespaceOverride only
## To scrape all, use the following: ## To scrape all, use the following:
## namespaceSelector: ## namespaceSelector:
## any: true ## any: true
@ -722,8 +781,13 @@ controller:
# annotations: # annotations:
# description: bad ingress config - nginx config test failed # description: bad ingress config - nginx config test failed
# summary: uninstall the latest ingress changes to allow config reloads to resume # summary: uninstall the latest ingress changes to allow config reloads to resume
# # By default a fake self-signed certificate is generated as default and
# # it is fine if it expires. If `--default-ssl-certificate` flag is used
# # and a valid certificate passed please do not filter for `host` label!
# # (i.e. delete `{host!="_"}` so also the default SSL certificate is
# # checked for expiration)
# - alert: NGINXCertificateExpiry # - alert: NGINXCertificateExpiry
# expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!="_"}) by (host) - time()) < 604800
# for: 1s # for: 1s
# labels: # labels:
# severity: critical # severity: critical
@ -776,11 +840,13 @@ defaultBackend:
## repository: ## repository:
tag: "1.5" tag: "1.5"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
runAsNonRoot: true
# nobody user -> uid 65534 # nobody user -> uid 65534
runAsUser: 65534 runAsUser: 65534
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
# -- Use an existing PSP instead of creating one # -- Use an existing PSP instead of creating one
existingPsp: "" existingPsp: ""
extraArgs: {} extraArgs: {}
@ -826,15 +892,9 @@ defaultBackend:
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
affinity: {} affinity: {}
# -- Security Context policies for controller pods # -- Security context for default backend pods
# See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
# notes on enabling and using sysctls
##
podSecurityContext: {} podSecurityContext: {}
# -- Security Context policies for controller main container. # -- Security context for default backend containers
# See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
# notes on enabling and using sysctls
##
containerSecurityContext: {} containerSecurityContext: {}
# -- Labels to add to the pod container metadata # -- Labels to add to the pod container metadata
podLabels: {} podLabels: {}

46
deploy/static/provider/aws/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -344,7 +344,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -377,7 +377,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -400,7 +400,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -422,7 +422,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -446,7 +446,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -518,7 +518,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -529,7 +529,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -565,7 +565,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -576,7 +576,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -614,7 +614,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -627,7 +627,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -650,7 +650,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -335,7 +335,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -353,7 +353,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -386,7 +386,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -409,7 +409,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -431,7 +431,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -455,7 +455,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -530,7 +530,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -541,7 +541,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -577,7 +577,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -588,7 +588,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -626,7 +626,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -639,7 +639,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -662,7 +662,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/baremetal/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -372,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -395,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -417,7 +417,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -440,7 +440,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -512,7 +512,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -523,7 +523,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -559,7 +559,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -570,7 +570,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -608,7 +608,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -621,7 +621,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -644,7 +644,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/cloud/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -373,7 +373,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -396,7 +396,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -418,7 +418,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -442,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -514,7 +514,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -525,7 +525,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -561,7 +561,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -572,7 +572,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -610,7 +610,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -623,7 +623,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -646,7 +646,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/do/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -343,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -376,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -399,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -421,7 +421,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -445,7 +445,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -517,7 +517,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -528,7 +528,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -564,7 +564,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -575,7 +575,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -613,7 +613,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -626,7 +626,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -649,7 +649,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/exoscale/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -349,7 +349,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -382,7 +382,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -405,7 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -423,7 +423,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -447,7 +447,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -523,7 +523,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -534,7 +534,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -570,7 +570,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -581,7 +581,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -619,7 +619,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -632,7 +632,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -655,7 +655,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/kind/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -372,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -395,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -417,7 +417,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -442,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -524,7 +524,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -535,7 +535,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -571,7 +571,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -582,7 +582,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -620,7 +620,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -633,7 +633,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -656,7 +656,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/oracle/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -344,7 +344,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -377,7 +377,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -400,7 +400,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -422,7 +422,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -446,7 +446,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -518,7 +518,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -529,7 +529,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -565,7 +565,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -576,7 +576,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -614,7 +614,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -627,7 +627,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -650,7 +650,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

46
deploy/static/provider/scw/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -343,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -376,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -399,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -421,7 +421,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
spec: spec:
containers: containers:
- args: - args:
@ -445,7 +445,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -517,7 +517,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -528,7 +528,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -564,7 +564,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -575,7 +575,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -613,7 +613,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -626,7 +626,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -649,7 +649,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3 app.kubernetes.io/version: 1.9.4
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

110
docs/enhancements/20231001-split-containers.md Normal file
View file

@ -0,0 +1,110 @@
# Proposal to split containers
* All the NGINX files should live on one container
* No file other than NGINX files should exist on this container
* This includes not mounting the service account
* All the controller files should live on a different container
* Controller container should have bare minimum to work (just go program)
* ServiceAccount should be mounted just on controller
* Inside nginx container, there should be a really small http listener just able
to start, stop and reload NGINX
## Roadmap (what needs to be done)
* Map what needs to be done to mount the SA just on controller container
* Map all the required files for NGINX to work
* Map all the required network calls between controller and NGINX
* eg.: Dynamic lua reconfiguration
* Map problematic features that will need attention
* SSLPassthrough today happens on controller process and needs to happen on NGINX
### Ports and endpoints on NGINX container
* Public HTTP/HTTPs port - 80 and 443
* Lua configuration port - 10246 (HTTP) and 10247 (Stream)
* 3333 (temp) - Dataplane controller http server
* /reload - (POST) Reloads the configuration.
* "config" argument is the location of temporary file that should be used / moved to nginx.conf
* /test - (POST) Test the configuration of a given file location
* "config" argument is the location of temporary file that should be tested
### Mounting empty SA on controller container
```yaml
kind: Pod
apiVersion: v1
metadata:
name: test
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
- name: othernginx
image: alpine:latest
command: ["/bin/sh"]
args: ["-c", "while true; do date; sleep 3; done"]
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: emptysecret
volumes:
- name: emptysecret
emptyDir:
sizeLimit: 1Mi
```
### Mapped folders on NGINX configuration
**WARNING** We need to be aware of inter mount containers and inode problems. If we
mount a file instead of a directory, it may take time to reflect the file value on
the target container
* "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;"; - Lua scripts
* "/var/log/nginx" - NGINX logs
* "/tmp/nginx (nginx.pid)" - NGINX pid directory / file, fcgi socket, etc
* " /etc/nginx/geoip" - GeoIP database directory - OK - /etc/ingress-controller/geoip
* /etc/nginx/mime.types - Mime types
* /etc/ingress-controller/ssl - SSL directory (fake cert, auth cert)
* /etc/ingress-controller/auth - Authentication files
* /etc/nginx/modsecurity - Modsecurity configuration
* /etc/nginx/owasp-modsecurity-crs - Modsecurity rules
* /etc/nginx/tickets.key - SSL tickets - OK - /etc/ingress-controller/tickets.key
* /etc/nginx/opentelemetry.toml - OTEL config - OK - /etc/ingress-controller/telemetry
* /etc/nginx/opentracing.json - Opentracing config - OK - /etc/ingress-controller/telemetry
* /etc/nginx/modules - NGINX modules
* /etc/nginx/fastcgi_params (maybe) - fcgi params
* /etc/nginx/template - Template, may be used by controller only
##### List of modules
```
ngx_http_auth_digest_module.so ngx_http_modsecurity_module.so
ngx_http_brotli_filter_module.so ngx_http_opentracing_module.so
ngx_http_brotli_static_module.so ngx_stream_geoip2_module.so
ngx_http_geoip2_module.so
```
##### List of files that may be removed
```
-rw-r--r-- 1 www-data www-data 1077 Jun 23 19:44 fastcgi.conf
-rw-r--r-- 1 www-data www-data 1077 Jun 23 19:44 fastcgi.conf.default
-rw-r--r-- 1 www-data www-data 1007 Jun 23 19:44 fastcgi_params
-rw-r--r-- 1 www-data www-data 1007 Jun 23 19:44 fastcgi_params.default
drwxr-xr-x 2 www-data www-data 4096 Jun 23 19:34 geoip
-rw-r--r-- 1 www-data www-data 2837 Jun 23 19:44 koi-utf
-rw-r--r-- 1 www-data www-data 2223 Jun 23 19:44 koi-win
drwxr-xr-x 6 www-data www-data 4096 Sep 19 14:13 lua
-rw-r--r-- 1 www-data www-data 5349 Jun 23 19:44 mime.types
-rw-r--r-- 1 www-data www-data 5349 Jun 23 19:44 mime.types.default
drwxr-xr-x 2 www-data www-data 4096 Jun 23 19:44 modsecurity
drwxr-xr-x 2 www-data www-data 4096 Jun 23 19:44 modules
-rw-r--r-- 1 www-data www-data 18275 Oct 1 21:28 nginx.conf
-rw-r--r-- 1 www-data www-data 2656 Jun 23 19:44 nginx.conf.default
-rwx------ 1 www-data www-data 420 Oct 1 21:28 opentelemetry.toml
-rw-r--r-- 1 www-data www-data 2 Oct 1 21:28 opentracing.json
drwxr-xr-x 7 www-data www-data 4096 Jun 23 19:44 owasp-modsecurity-crs
-rw-r--r-- 1 www-data www-data 636 Jun 23 19:44 scgi_params
-rw-r--r-- 1 www-data www-data 636 Jun 23 19:44 scgi_params.default
drwxr-xr-x 2 www-data www-data 4096 Sep 19 14:13 template
-rw-r--r-- 1 www-data www-data 664 Jun 23 19:44 uwsgi_params
-rw-r--r-- 1 www-data www-data 664 Jun 23 19:44 uwsgi_params.default
-rw-r--r-- 1 www-data www-data 3610 Jun 23 19:44 win-utf
```

4
docs/how-it-works.md
View file

@ -58,13 +58,13 @@ In a relatively big cluster with frequently deploying apps this feature saves si
### Avoiding outage from wrong configuration ### Avoiding outage from wrong configuration
Because the ingress controller works using the [synchronization loop pattern](https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail), it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account. Because the ingress controller works using the [synchronization loop pattern][1], it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account.
To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects.
This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors. This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors.
[0]: https://github.com/openresty/lua-nginx-module/pull/1259 [0]: https://github.com/openresty/lua-nginx-module/pull/1259
[1]: https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail [1]: https://github.com/coreos/docs/blob/master/kubernetes/replication-controller.md#the-reconciliation-loop-in-detail
[2]: https://godoc.org/k8s.io/client-go/informers#NewFilteredSharedInformerFactory [2]: https://godoc.org/k8s.io/client-go/informers#NewFilteredSharedInformerFactory
[3]: https://godoc.org/k8s.io/client-go/tools/cache#ResourceEventHandlerFuncs [3]: https://godoc.org/k8s.io/client-go/tools/cache#ResourceEventHandlerFuncs
[4]: https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38 [4]: https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38

2
docs/troubleshooting.md
View file

@ -419,6 +419,7 @@ spec:
operator: "Exists" operator: "Exists"
effect: NoSchedule effect: NoSchedule
``` ```
* update the namespace if applicable/desired * update the namespace if applicable/desired
* replace `##_NODE_NAME_##` with the problematic node (or remove nodeSelector section if problem is not confined to one node) * replace `##_NODE_NAME_##` with the problematic node (or remove nodeSelector section if problem is not confined to one node)
* replace `##_CONTROLLER_IMAGE_##` with the same image as in use by your ingress-nginx deployment * replace `##_CONTROLLER_IMAGE_##` with the same image as in use by your ingress-nginx deployment
@ -445,6 +446,7 @@ $ capsh --decode=0000000000000400
## Create a test pod as root ## Create a test pod as root
(Note, this may be restricted by PodSecurityPolicy, PodSecurityAdmission/Standards, OPA Gatekeeper, etc. in which case you will need to do the appropriate workaround for testing, e.g. deploy in a new namespace without the restrictions.) (Note, this may be restricted by PodSecurityPolicy, PodSecurityAdmission/Standards, OPA Gatekeeper, etc. in which case you will need to do the appropriate workaround for testing, e.g. deploy in a new namespace without the restrictions.)
To test further you may want to install additional utilities, etc. Modify the pod yaml by: To test further you may want to install additional utilities, etc. Modify the pod yaml by:
* changing runAsUser from 101 to 0 * changing runAsUser from 101 to 0
* removing the "drop..ALL" section from the capabilities. * removing the "drop..ALL" section from the capabilities.

9
docs/user-guide/nginx-configuration/configmap.md
View file

@ -39,6 +39,7 @@ The following table shows a configuration option's name, type, and the default v
|[http-access-log-path](#http-access-log-path)|string|""|| |[http-access-log-path](#http-access-log-path)|string|""||
|[stream-access-log-path](#stream-access-log-path)|string|""|| |[stream-access-log-path](#stream-access-log-path)|string|""||
|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|| |[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"||
|[enable-auth-access-log](#enable-auth-access-log)|bool|"false"||
|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|| |[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"||
|[enable-modsecurity](#enable-modsecurity)|bool|"false"|| |[enable-modsecurity](#enable-modsecurity)|bool|"false"||
|[modsecurity-snippet](#modsecurity-snippet)|string|""|| |[modsecurity-snippet](#modsecurity-snippet)|string|""||
@ -61,7 +62,7 @@ The following table shows a configuration option's name, type, and the default v
|[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128|| |[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128||
|[hsts](#hsts)|bool|"true"|| |[hsts](#hsts)|bool|"true"||
|[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"|| |[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"||
|[hsts-max-age](#hsts-max-age)|string|"15724800"|| |[hsts-max-age](#hsts-max-age)|string|"31536000"||
|[hsts-preload](#hsts-preload)|bool|"false"|| |[hsts-preload](#hsts-preload)|bool|"false"||
|[keep-alive](#keep-alive)|int|75|| |[keep-alive](#keep-alive)|int|75||
|[keep-alive-requests](#keep-alive-requests)|int|1000|| |[keep-alive-requests](#keep-alive-requests)|int|1000||
@ -163,7 +164,7 @@ The following table shows a configuration option's name, type, and the default v
|[enable-opentelemetry](#enable-opentelemetry)|bool|"false"|| |[enable-opentelemetry](#enable-opentelemetry)|bool|"false"||
|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"|| |[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"||
|[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""|| |[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""||
|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"|| |[opentelemetry-config](#/etc/ingress-controller/telemetry/opentelemetry.toml)|string|"/etc/ingress-controller/telemetry/opentelemetry.toml"||
|[otlp-collector-host](#otlp-collector-host)|string|""|| |[otlp-collector-host](#otlp-collector-host)|string|""||
|[otlp-collector-port](#otlp-collector-port)|int|4317|| |[otlp-collector-port](#otlp-collector-port)|int|4317||
|[otel-max-queuesize](#otel-max-queuesize)|int||| |[otel-max-queuesize](#otel-max-queuesize)|int|||
@ -327,6 +328,10 @@ __Note:__ If not specified, the `access-log-path` will be used.
Enables logging access to default backend. _**default:**_ is disabled. Enables logging access to default backend. _**default:**_ is disabled.
## enable-auth-access-log
Enables logging access to the authentication endpoint. _**default:**_ is disabled.
## error-log-path ## error-log-path
Error log path. Goes to `/var/log/nginx/error.log` by default. Error log path. Goes to `/var/log/nginx/error.log` by default.

2
docs/user-guide/third-party-addons/opentelemetry.md
View file

@ -165,7 +165,7 @@ To install the example and collectors run:
kind: ConfigMap kind: ConfigMap
data: data:
enable-opentelemetry: "true" enable-opentelemetry: "true"
opentelemetry-config: "/etc/nginx/opentelemetry.toml" opentelemetry-config: "/etc/ingress-controller/telemetry/opentelemetry.toml"
opentelemetry-operation-name: "HTTP $request_method $service_name $uri" opentelemetry-operation-name: "HTTP $request_method $service_name $uri"
opentelemetry-trust-incoming-span: "true" opentelemetry-trust-incoming-span: "true"
otlp-collector-host: "otel-coll-collector.otel.svc" otlp-collector-host: "otel-coll-collector.otel.svc"

16
go.mod
View file

@ -6,7 +6,7 @@ require (
dario.cat/mergo v1.0.0 dario.cat/mergo v1.0.0
github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a
github.com/eapache/channels v1.1.0 github.com/eapache/channels v1.1.0
github.com/fsnotify/fsnotify v1.6.0 github.com/fsnotify/fsnotify v1.7.0
github.com/json-iterator/go v1.1.12 github.com/json-iterator/go v1.1.12
github.com/kylelemons/godebug v1.1.0 github.com/kylelemons/godebug v1.1.0
github.com/mitchellh/go-ps v1.0.0 github.com/mitchellh/go-ps v1.0.0
@ -15,18 +15,18 @@ require (
github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/moul/pb v0.0.0-20220425114252-bca18df4138c
github.com/ncabatoff/process-exporter v0.7.10 github.com/ncabatoff/process-exporter v0.7.10
github.com/onsi/ginkgo/v2 v2.13.0 github.com/onsi/ginkgo/v2 v2.13.0
github.com/opencontainers/runc v1.1.9 github.com/opencontainers/runc v1.1.10
github.com/pmezard/go-difflib v1.0.0 github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.17.0 github.com/prometheus/client_golang v1.17.0
github.com/prometheus/client_model v0.5.0 github.com/prometheus/client_model v0.5.0
github.com/prometheus/common v0.44.0 github.com/prometheus/common v0.45.0
github.com/spf13/cobra v1.7.0 github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.8.4 github.com/stretchr/testify v1.8.4
github.com/yudai/gojsondiff v1.0.0 github.com/yudai/gojsondiff v1.0.0
github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30
golang.org/x/crypto v0.14.0 golang.org/x/crypto v0.14.0
google.golang.org/grpc v1.58.3 google.golang.org/grpc v1.59.0
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7
gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/go-playground/pool.v3 v3.1.1
gopkg.in/mcuadros/go-syslog.v2 v2.3.0 gopkg.in/mcuadros/go-syslog.v2 v2.3.0
@ -74,7 +74,7 @@ require (
github.com/google/gofuzz v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect
github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.0 // indirect github.com/google/uuid v1.3.1 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
github.com/imdario/mergo v0.3.6 // indirect github.com/imdario/mergo v0.3.6 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
@ -82,7 +82,7 @@ require (
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.7.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-colorable v0.1.13 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect
github.com/moby/sys/mountinfo v0.5.0 // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@ -110,7 +110,7 @@ require (
golang.org/x/time v0.3.0 // indirect golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.14.0 // indirect golang.org/x/tools v0.14.0 // indirect
google.golang.org/appengine v1.6.7 // indirect google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/protobuf v1.31.0 // indirect google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect

35
go.sum
View file

@ -61,7 +61,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU= github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU=
github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
@ -85,8 +85,8 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
@ -191,8 +191,8 @@ github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0Z
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
@ -244,8 +244,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
@ -289,8 +289,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
github.com/opencontainers/runc v1.1.9 h1:XR0VIHTGce5eWPkaPesqTBrhW2yAcaraWfsEalNwQLM= github.com/opencontainers/runc v1.1.10 h1:EaL5WeO9lv9wmS6SASjszOeQdSctvpbu0DdBQBizE40=
github.com/opencontainers/runc v1.1.9/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runc v1.1.10/go.mod h1:+/R6+KmDlh+hOO8NkjmgkG9Qzvypzk0yXxAPYYR65+M=
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@ -318,8 +318,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@ -341,8 +341,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
@ -532,7 +532,6 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@ -657,8 +656,8 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -671,8 +670,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU=
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=

29
go.work.sum
View file

@ -1,3 +1,4 @@
cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw=
cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68= cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68=
@ -27,6 +28,7 @@ cloud.google.com/go/cloudtasks v1.11.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8o
cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM=
cloud.google.com/go/container v1.22.1/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= cloud.google.com/go/container v1.22.1/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4=
@ -121,6 +123,8 @@ cloud.google.com/go/vpcaccess v1.7.1/go.mod h1:FogoD46/ZU+JUBX9D606X21EnxiszYi2t
cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc= cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc=
cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg= cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg=
cloud.google.com/go/workflows v1.11.1/go.mod h1:Z+t10G1wF7h8LgdY/EmRcQY8ptBD/nvofaL6FqlET6g= cloud.google.com/go/workflows v1.11.1/go.mod h1:Z+t10G1wF7h8LgdY/EmRcQY8ptBD/nvofaL6FqlET6g=
github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
@ -153,6 +157,7 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g=
github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
@ -160,10 +165,13 @@ github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u1
github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
github.com/google/cel-go v0.12.7/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
@ -174,6 +182,7 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe
github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@ -182,6 +191,8 @@ github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j
github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY=
github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
@ -195,15 +206,24 @@ github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
go.etcd.io/etcd/api/v3 v3.5.7/go.mod h1:9qew1gCdDDLu+VwmeG+iFpL+QlpHTo7iubavdVDgCAA=
go.etcd.io/etcd/client/pkg/v3 v3.5.7/go.mod h1:o0Abi1MK86iad3YrWhgUsbGx1pmTS+hrORWc2CamuhY=
go.etcd.io/etcd/client/v2 v2.305.7/go.mod h1:GQGT5Z3TBuAQGvgPfhR7VPySu/SudxmEkRq9BgzFU6s=
go.etcd.io/etcd/client/v3 v3.5.7/go.mod h1:sOWmj9DZUMyAngS7QQwCyAXXAL6WhgTOPLNS/NabQgw=
go.etcd.io/etcd/pkg/v3 v3.5.7/go.mod h1:kcOfWt3Ov9zgYdOiJ/o1Y9zFfLhQjylTgL4Lru8opRo=
go.etcd.io/etcd/raft/v3 v3.5.7/go.mod h1:TflkAb/8Uy6JFBxcRaH2Fr6Slm9mCPVdI2efzxY96yU=
go.etcd.io/etcd/server/v3 v3.5.7/go.mod h1:gxBgT84issUVBRpZ3XkW1T55NjOb4vZZRI4wVvNhf4A=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c=
@ -246,6 +266,7 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -276,9 +297,12 @@ google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mR
google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:O9kGHb51iE/nOGvQaDUuadVYqovW56s5emA88lQnj6Y= google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:O9kGHb51iE/nOGvQaDUuadVYqovW56s5emA88lQnj6Y=
google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g= google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g=
google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o= google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
@ -290,11 +314,14 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kms v0.27.6/go.mod h1:9YQuCFa+n88RWokHkl+4RHFQ9DATSip/ihBqxlDUBuw=
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0=

4
images/kube-webhook-certgen/rootfs/go.mod
View file

@ -26,7 +26,7 @@ require (
github.com/google/go-cmp v0.5.9 // indirect github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect
github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect
github.com/google/uuid v1.3.0 // indirect github.com/google/uuid v1.3.1 // indirect
github.com/imdario/mergo v0.3.6 // indirect github.com/imdario/mergo v0.3.6 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect
@ -42,7 +42,7 @@ require (
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/testify v1.8.4 // indirect github.com/stretchr/testify v1.8.4 // indirect
github.com/tidwall/gjson v1.14.0 // indirect github.com/tidwall/gjson v1.14.0 // indirect
golang.org/x/net v0.16.0 // indirect golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/sys v0.13.0 // indirect golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect

8
images/kube-webhook-certgen/rootfs/go.sum
View file

@ -202,8 +202,8 @@ github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0Z
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
@ -527,8 +527,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

1
images/nginx/rootfs/Dockerfile
View file

@ -39,7 +39,6 @@ RUN apk update \
openssl \ openssl \
pcre \ pcre \
zlib \ zlib \
geoip \
ca-certificates \ ca-certificates \
patch \ patch \
yajl \ yajl \

8
images/nginx/rootfs/build.sh
View file

@ -77,8 +77,8 @@ export LUA_UPSTREAM_VERSION=8aa93ead98ba2060d4efd594ae33a35d153589bf
# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.11...openresty:master # Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.11...openresty:master
export LUA_CJSON_VERSION=2.1.0.11 export LUA_CJSON_VERSION=2.1.0.11
# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.3...master # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.4...master
export GEOIP2_VERSION=a26c6beed77e81553686852dceb6c7fdacc5970d export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425
# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20230410...v2.1-agentzh # Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20230410...v2.1-agentzh
export LUAJIT_VERSION=2.1-20230410 export LUAJIT_VERSION=2.1-20230410
@ -164,7 +164,6 @@ apk add \
linux-headers \ linux-headers \
libxslt-dev \ libxslt-dev \
gd-dev \ gd-dev \
geoip-dev \
perl-dev \ perl-dev \
libedit-dev \ libedit-dev \
mercurial \ mercurial \
@ -263,7 +262,7 @@ fi
get_src 8d39c6b23f941a2d11571daaccc04e69539a3fcbcc50a631837560d5861a7b96 \ get_src 8d39c6b23f941a2d11571daaccc04e69539a3fcbcc50a631837560d5861a7b96 \
"https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz"
get_src 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b \ get_src b6c9c09fd43eb34a71e706ad780b2ead26549a9a9f59280fe558f5b7b980b7c6 \
"https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz"
get_src deb4ab1ffb9f3d962c4b4a2c4bdff692b86a209e3835ae71ebdf3b97189e40a9 \ get_src deb4ab1ffb9f3d962c4b4a2c4bdff692b86a209e3835ae71ebdf3b97189e40a9 \
@ -583,7 +582,6 @@ WITH_FLAGS="--with-debug \
--with-http_realip_module \ --with-http_realip_module \
--with-http_auth_request_module \ --with-http_auth_request_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_geoip_module \
--with-http_gzip_static_module \ --with-http_gzip_static_module \
--with-http_sub_module \ --with-http_sub_module \
--with-http_v2_module \ --with-http_v2_module \

BIN
images/nginx/rootfs/etc/nginx/geoip/GeoIP.dat
View file

Binary file not shown.

BIN
images/nginx/rootfs/etc/nginx/geoip/GeoIPASNum.dat
View file

Binary file not shown.

BIN
images/nginx/rootfs/etc/nginx/geoip/GeoLiteCity.dat
View file

Binary file not shown.

3
internal/ingress/annotations/annotations.go
View file

@ -51,7 +51,6 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing" "k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing"
"k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/log"
"k8s.io/ingress-nginx/internal/ingress/annotations/mirror" "k8s.io/ingress-nginx/internal/ingress/annotations/mirror"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentracing"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/annotations/portinredirect" "k8s.io/ingress-nginx/internal/ingress/annotations/portinredirect"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxy" "k8s.io/ingress-nginx/internal/ingress/annotations/proxy"
@ -94,7 +93,6 @@ type Ingress struct {
ExternalAuth authreq.Config ExternalAuth authreq.Config
EnableGlobalAuth bool EnableGlobalAuth bool
HTTP2PushPreload bool HTTP2PushPreload bool
Opentracing opentracing.Config
Opentelemetry opentelemetry.Config Opentelemetry opentelemetry.Config
Proxy proxy.Config Proxy proxy.Config
ProxySSL proxyssl.Config ProxySSL proxyssl.Config
@ -145,7 +143,6 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
"ExternalAuth": authreq.NewParser(cfg), "ExternalAuth": authreq.NewParser(cfg),
"EnableGlobalAuth": authreqglobal.NewParser(cfg), "EnableGlobalAuth": authreqglobal.NewParser(cfg),
"HTTP2PushPreload": http2pushpreload.NewParser(cfg), "HTTP2PushPreload": http2pushpreload.NewParser(cfg),
"Opentracing": opentracing.NewParser(cfg),
"Opentelemetry": opentelemetry.NewParser(cfg), "Opentelemetry": opentelemetry.NewParser(cfg),
"Proxy": proxy.NewParser(cfg), "Proxy": proxy.NewParser(cfg),
"ProxySSL": proxyssl.NewParser(cfg), "ProxySSL": proxyssl.NewParser(cfg),

4
internal/ingress/annotations/cors/main.go
View file

@ -201,6 +201,10 @@ func (c cors) Parse(ing *networking.Ingress) (interface{}, error) {
origins := strings.Split(unparsedOrigins, ",") origins := strings.Split(unparsedOrigins, ",")
for _, origin := range origins { for _, origin := range origins {
origin = strings.TrimSpace(origin) origin = strings.TrimSpace(origin)
if origin == "" {
continue
}
if origin == "*" { if origin == "*" {
config.CorsAllowOrigin = []string{"*"} config.CorsAllowOrigin = []string{"*"}
break break

31
internal/ingress/annotations/cors/main_test.go
View file

@ -17,6 +17,7 @@ limitations under the License.
package cors package cors
import ( import (
"reflect"
"testing" "testing"
api "k8s.io/api/core/v1" api "k8s.io/api/core/v1"
@ -172,3 +173,33 @@ func TestIngressCorsConfigInvalid(t *testing.T) {
t.Errorf("expected %v but returned %v", defaultCorsMaxAge, nginxCors.CorsMaxAge) t.Errorf("expected %v but returned %v", defaultCorsMaxAge, nginxCors.CorsMaxAge)
} }
} }
func TestIngresCorsConfigAllowOriginWithTrailingComma(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = "true"
// Include a trailing comma and an empty value between the commas.
data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443, ,https://origin321.test.com:4443,"
ing.SetAnnotations(data)
corst, err := NewParser(&resolver.Mock{}).Parse(ing)
if err != nil {
t.Errorf("error parsing annotations: %v", err)
}
nginxCors, ok := corst.(*Config)
if !ok {
t.Errorf("expected a Config type but returned %t", corst)
}
if !nginxCors.CorsEnabled {
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)], nginxCors.CorsEnabled)
}
expectedCorsAllowOrigins := []string{"https://origin123.test.com:4443", "https://origin321.test.com:4443"}
if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, expectedCorsAllowOrigins) {
t.Errorf("expected %v but returned %v", expectedCorsAllowOrigins, nginxCors.CorsAllowOrigin)
}
}

7
internal/ingress/annotations/fastcgi/main.go
View file

@ -36,7 +36,10 @@ const (
) )
// fast-cgi valid parameters is just a single file name (like index.php) // fast-cgi valid parameters is just a single file name (like index.php)
var regexValidIndexAnnotationAndKey = regexp.MustCompile(`^[A-Za-z0-9.\-\_]+$`) var (
regexValidIndexAnnotationAndKey = regexp.MustCompile(`^[A-Za-z0-9.\-\_]+$`)
validFCGIValue = regexp.MustCompile(`^[A-Za-z0-9\-\_\$\{\}/.]*$`)
)
var fastCGIAnnotations = parser.Annotation{ var fastCGIAnnotations = parser.Annotation{
Group: "fastcgi", Group: "fastcgi",
@ -142,7 +145,7 @@ func (a fastcgi) Parse(ing *networking.Ingress) (interface{}, error) {
} }
for k, v := range cmap.Data { for k, v := range cmap.Data {
if !regexValidIndexAnnotationAndKey.MatchString(k) || !parser.NGINXVariable.MatchString(v) { if !regexValidIndexAnnotationAndKey.MatchString(k) || !validFCGIValue.MatchString(v) {
klog.ErrorS(fmt.Errorf("fcgi contains invalid key or value"), "fcgi annotation error", "configmap", cmap.Name, "namespace", cmap.Namespace, "key", k, "value", v) klog.ErrorS(fmt.Errorf("fcgi contains invalid key or value"), "fcgi annotation error", "configmap", cmap.Name, "namespace", cmap.Namespace, "key", k, "value", v)
return fcgiConfig, ing_errors.NewValidationError(fastCGIParamsAnnotation) return fcgiConfig, ing_errors.NewValidationError(fastCGIParamsAnnotation)
} }

12
internal/ingress/annotations/fastcgi/main_test.go
View file

@ -371,6 +371,18 @@ func Test_fastcgi_Parse(t *testing.T) {
want: Config{Index: "indexxpto-92123.php"}, want: Config{Index: "indexxpto-92123.php"},
wantErr: true, wantErr: true,
}, },
{
name: "invalid configmap values val",
index: "indexxpto-92123.php",
configmapname: "default/fcgiconfig",
configmap: map[string]string{
"SCRIPT_FILENAME": "/app/src/index.php",
},
want: Config{Index: "indexxpto-92123.php", Params: map[string]string{
"SCRIPT_FILENAME": "/app/src/index.php",
}},
wantErr: false,
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {

113
internal/ingress/annotations/opentracing/main.go
View file

@ -1,113 +0,0 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package opentracing
import (
networking "k8s.io/api/networking/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
const (
enableOpentracingAnnotation = "enable-opentracing"
opentracingTrustSpanAnnotation = "opentracing-trust-incoming-span"
)
var opentracingAnnotations = parser.Annotation{
Group: "opentracing",
Annotations: parser.AnnotationFields{
enableOpentracingAnnotation: {
Validator: parser.ValidateBool,
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskLow,
Documentation: `This annotation defines if Opentracing collector should be enable for this location. Opentracing should
already be configured by Ingress administrator`,
},
opentracingTrustSpanAnnotation: {
Validator: parser.ValidateBool,
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskLow,
Documentation: `This annotation enables or disables using spans from incoming requests as parent for created ones`,
},
},
}
type opentracing struct {
r resolver.Resolver
annotationConfig parser.Annotation
}
// Config contains the configuration to be used in the Ingress
type Config struct {
Enabled bool `json:"enabled"`
Set bool `json:"set"`
TrustEnabled bool `json:"trust-enabled"`
TrustSet bool `json:"trust-set"`
}
// Equal tests for equality between two Config types
func (bd1 *Config) Equal(bd2 *Config) bool {
if bd1.Set != bd2.Set {
return false
}
if bd1.Enabled != bd2.Enabled {
return false
}
if bd1.TrustSet != bd2.TrustSet {
return false
}
if bd1.TrustEnabled != bd2.TrustEnabled {
return false
}
return true
}
// NewParser creates a new serviceUpstream annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return opentracing{
r: r,
annotationConfig: opentracingAnnotations,
}
}
func (o opentracing) Parse(ing *networking.Ingress) (interface{}, error) {
enabled, err := parser.GetBoolAnnotation(enableOpentracingAnnotation, ing, o.annotationConfig.Annotations)
if err != nil {
return &Config{}, nil
}
trustSpan, err := parser.GetBoolAnnotation(opentracingTrustSpanAnnotation, ing, o.annotationConfig.Annotations)
if err != nil {
return &Config{Set: true, Enabled: enabled}, nil
}
return &Config{Set: true, Enabled: enabled, TrustSet: true, TrustEnabled: trustSpan}, nil
}
func (o opentracing) GetDocumentation() parser.AnnotationFields {
return o.annotationConfig.Annotations
}
func (o opentracing) Validate(anns map[string]string) error {
maxrisk := parser.StringRiskToRisk(o.r.GetSecurityConfiguration().AnnotationsRiskLevel)
return parser.CheckAnnotationRisk(anns, maxrisk, opentracingAnnotations.Annotations)
}

159
internal/ingress/annotations/opentracing/main_test.go
View file

@ -1,159 +0,0 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package opentracing
import (
"testing"
api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
const enableAnnotation = "true"
func buildIngress() *networking.Ingress {
defaultBackend := networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
}
return &networking.Ingress{
ObjectMeta: meta_v1.ObjectMeta{
Name: "foo",
Namespace: api.NamespaceDefault,
},
Spec: networking.IngressSpec{
DefaultBackend: &networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
},
Rules: []networking.IngressRule{
{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Path: "/foo",
Backend: defaultBackend,
},
},
},
},
},
},
},
}
}
func TestIngressAnnotationOpentracingSetTrue(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix(enableOpentracingAnnotation)] = enableAnnotation
ing.SetAnnotations(data)
val, err := NewParser(&resolver.Mock{}).Parse(ing)
if err != nil {
t.Errorf("unexpected error %v", err)
}
openTracing, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if !openTracing.Enabled {
t.Errorf("expected annotation value to be true, got false")
}
}
func TestIngressAnnotationOpentracingSetFalse(t *testing.T) {
ing := buildIngress()
// Test with explicitly set to false
data := map[string]string{}
data[parser.GetAnnotationWithPrefix(enableOpentracingAnnotation)] = "false"
ing.SetAnnotations(data)
val, err := NewParser(&resolver.Mock{}).Parse(ing)
if err != nil {
t.Errorf("unexpected error %v", err)
}
openTracing, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if openTracing.Enabled {
t.Errorf("expected annotation value to be false, got true")
}
}
func TestIngressAnnotationOpentracingTrustSetTrue(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix(enableOpentracingAnnotation)] = enableAnnotation
data[parser.GetAnnotationWithPrefix(opentracingTrustSpanAnnotation)] = enableAnnotation
ing.SetAnnotations(data)
val, err := NewParser(&resolver.Mock{}).Parse(ing)
if err != nil {
t.Errorf("unexpected error %v", err)
}
openTracing, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if !openTracing.Enabled {
t.Errorf("expected annotation value to be true, got false")
}
if !openTracing.TrustEnabled {
t.Errorf("expected annotation value to be true, got false")
}
}
func TestIngressAnnotationOpentracingUnset(t *testing.T) {
ing := buildIngress()
// Test with no annotation specified
data := map[string]string{}
ing.SetAnnotations(data)
val, err := NewParser(&resolver.Mock{}).Parse(ing)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
_, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
}

2
internal/ingress/annotations/parser/validators.go
View file

@ -71,7 +71,7 @@ var (
NGINXVariable = regexp.MustCompile(`^[A-Za-z0-9\-\_\$\{\}]*$`) NGINXVariable = regexp.MustCompile(`^[A-Za-z0-9\-\_\$\{\}]*$`)
// RegexPathWithCapture allows entries that SHOULD start with "/" and may contain alphanumeric + capture // RegexPathWithCapture allows entries that SHOULD start with "/" and may contain alphanumeric + capture
// character for regex based paths, like /something/$1/anything/$2 // character for regex based paths, like /something/$1/anything/$2
RegexPathWithCapture = regexp.MustCompile(`^/[` + alphaNumericChars + `\/\$]*$`) RegexPathWithCapture = regexp.MustCompile(`^/?[` + alphaNumericChars + `\/\$]*$`)
// HeadersVariable defines a regex that allows headers separated by comma // HeadersVariable defines a regex that allows headers separated by comma
HeadersVariable = regexp.MustCompile(`^[A-Za-z0-9-_, ]*$`) HeadersVariable = regexp.MustCompile(`^[A-Za-z0-9-_, ]*$`)
// URLWithNginxVariableRegex defines a url that can contain nginx variables. // URLWithNginxVariableRegex defines a url that can contain nginx variables.

2
internal/ingress/annotations/sessionaffinity/main.go
View file

@ -129,7 +129,7 @@ var sessionAffinityAnnotations = parser.Annotation{
Documentation: `This annotation defines the Domain attribute of the sticky cookie.`, Documentation: `This annotation defines the Domain attribute of the sticky cookie.`,
}, },
annotationAffinityCookieSameSite: { annotationAffinityCookieSameSite: {
Validator: parser.ValidateOptions([]string{"None", "Lax", "Strict"}, false, true), Validator: parser.ValidateOptions([]string{"none", "lax", "strict"}, false, true),
Scope: parser.AnnotationScopeIngress, Scope: parser.AnnotationScopeIngress,
Risk: parser.AnnotationRiskLow, Risk: parser.AnnotationRiskLow,
Documentation: `This annotation is used to apply a SameSite attribute to the sticky cookie. Documentation: `This annotation is used to apply a SameSite attribute to the sticky cookie.

5
internal/ingress/annotations/sessionaffinity/main_test.go
View file

@ -79,6 +79,7 @@ func TestIngressAffinityCookieConfig(t *testing.T) {
data[parser.GetAnnotationWithPrefix(annotationAffinityCookieMaxAge)] = "3000" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieMaxAge)] = "3000"
data[parser.GetAnnotationWithPrefix(annotationAffinityCookiePath)] = "/foo" data[parser.GetAnnotationWithPrefix(annotationAffinityCookiePath)] = "/foo"
data[parser.GetAnnotationWithPrefix(annotationAffinityCookieDomain)] = "foo.bar" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieDomain)] = "foo.bar"
data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSameSite)] = "Strict"
data[parser.GetAnnotationWithPrefix(annotationAffinityCookieChangeOnFailure)] = "true" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieChangeOnFailure)] = "true"
data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSecure)] = "true" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSecure)] = "true"
ing.SetAnnotations(data) ing.SetAnnotations(data)
@ -121,6 +122,10 @@ func TestIngressAffinityCookieConfig(t *testing.T) {
t.Errorf("expected foo.bar as session-cookie-domain but returned %v", nginxAffinity.Cookie.Domain) t.Errorf("expected foo.bar as session-cookie-domain but returned %v", nginxAffinity.Cookie.Domain)
} }
if nginxAffinity.Cookie.SameSite != "Strict" {
t.Errorf("expected Strict as session-cookie-same-site but returned %v", nginxAffinity.Cookie.SameSite)
}
if !nginxAffinity.Cookie.ChangeOnFailure { if !nginxAffinity.Cookie.ChangeOnFailure {
t.Errorf("expected change of failure parameter set to true but returned %v", nginxAffinity.Cookie.ChangeOnFailure) t.Errorf("expected change of failure parameter set to true but returned %v", nginxAffinity.Cookie.ChangeOnFailure)
} }

9
internal/ingress/annotations/xforwardedprefix/main.go
View file

@ -31,10 +31,11 @@ var xForwardedForAnnotations = parser.Annotation{
Group: "backend", Group: "backend",
Annotations: parser.AnnotationFields{ Annotations: parser.AnnotationFields{
xForwardedForPrefixAnnotation: { xForwardedForPrefixAnnotation: {
Validator: parser.ValidateRegex(parser.BasicCharsRegex, true), Validator: parser.ValidateRegex(parser.RegexPathWithCapture, true),
Scope: parser.AnnotationScopeLocation, Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskLow, // Low, as it allows regexes but on a very limited set Risk: parser.AnnotationRiskMedium,
Documentation: `This annotation can be used to add the non-standard X-Forwarded-Prefix header to the upstream request with a string value`, Documentation: `This annotation can be used to add the non-standard X-Forwarded-Prefix header to the upstream request with a string value. It can
contain regular characters and captured groups specified as '$1', '$2', etc.`,
}, },
}, },
} }

1
internal/ingress/annotations/xforwardedprefix/main_test.go
View file

@ -40,6 +40,7 @@ func TestParse(t *testing.T) {
{map[string]string{annotation: "true"}, "true"}, {map[string]string{annotation: "true"}, "true"},
{map[string]string{annotation: "1"}, "1"}, {map[string]string{annotation: "1"}, "1"},
{map[string]string{annotation: ""}, ""}, {map[string]string{annotation: ""}, ""},
{map[string]string{annotation: "/$1"}, "/$1"},
{map[string]string{}, ""}, {map[string]string{}, ""},
{nil, ""}, {nil, ""},
} }

124
internal/ingress/controller/config/config.go
View file

@ -46,7 +46,7 @@ const (
// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. // that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security // https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
// max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS. // max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
hstsMaxAge = "15724800" hstsMaxAge = "31536000"
gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"
@ -572,22 +572,6 @@ type Configuration struct {
// Default: true // Default: true
ProxyAddOriginalURIHeader bool `json:"proxy-add-original-uri-header"` ProxyAddOriginalURIHeader bool `json:"proxy-add-original-uri-header"`
// EnableOpentracing enables the nginx Opentracing extension
// https://github.com/opentracing-contrib/nginx-opentracing
// By default this is disabled
EnableOpentracing bool `json:"enable-opentracing"`
// OpentracingOperationName specifies a custom name for the server span
OpentracingOperationName string `json:"opentracing-operation-name"`
// OpentracingOperationName specifies a custom name for the location span
OpentracingLocationOperationName string `json:"opentracing-location-operation-name"`
// OpentracingTrustIncomingSpan sets whether or not to trust incoming trace spans
// If false, incoming span headers will be rejected
// Default: true
OpentracingTrustIncomingSpan bool `json:"opentracing-trust-incoming-span"`
// EnableOpentelemetry enables the nginx Opentelemetry extension // EnableOpentelemetry enables the nginx Opentelemetry extension
// By default this is disabled // By default this is disabled
EnableOpentelemetry bool `json:"enable-opentelemetry"` EnableOpentelemetry bool `json:"enable-opentelemetry"`
@ -639,94 +623,6 @@ type Configuration struct {
// Default: 512 // Default: 512
OtelMaxExportBatchSize int32 `json:"otel-max-export-batch-size"` OtelMaxExportBatchSize int32 `json:"otel-max-export-batch-size"`
// ZipkinCollectorHost specifies the host to use when uploading traces
ZipkinCollectorHost string `json:"zipkin-collector-host"`
// ZipkinCollectorPort specifies the port to use when uploading traces
// Default: 9411
ZipkinCollectorPort int `json:"zipkin-collector-port"`
// ZipkinServiceName specifies the service name to use for any traces created
// Default: nginx
ZipkinServiceName string `json:"zipkin-service-name"`
// ZipkinSampleRate specifies sampling rate for traces
// Default: 1.0
ZipkinSampleRate float32 `json:"zipkin-sample-rate"`
// JaegerCollectorHost specifies the host to use when uploading traces
JaegerCollectorHost string `json:"jaeger-collector-host"`
// JaegerCollectorPort specifies the port to use when uploading traces
// Default: 6831
JaegerCollectorPort int `json:"jaeger-collector-port"`
// JaegerEndpoint specifies the enpoint to use when uploading traces to a collector over TCP
JaegerEndpoint string `json:"jaeger-endpoint"`
// JaegerServiceName specifies the service name to use for any traces created
// Default: nginx
JaegerServiceName string `json:"jaeger-service-name"`
// JaegerPropagationFormat specifies the traceparent/tracestate propagation format
JaegerPropagationFormat string `json:"jaeger-propagation-format"`
// JaegerSamplerType specifies the sampler to be used when sampling traces.
// The available samplers are: const, probabilistic, ratelimiting, remote
// Default: const
JaegerSamplerType string `json:"jaeger-sampler-type"`
// JaegerSamplerParam specifies the argument to be passed to the sampler constructor
// Default: 1
JaegerSamplerParam string `json:"jaeger-sampler-param"`
// JaegerSamplerHost specifies the host used for remote sampling consultation
// Default: http://127.0.0.1
JaegerSamplerHost string `json:"jaeger-sampler-host"`
// JaegerSamplerHost specifies the host used for remote sampling consultation
// Default: 5778
JaegerSamplerPort int `json:"jaeger-sampler-port"`
// JaegerTraceContextHeaderName specifies the header name used for passing trace context
// Default: uber-trace-id
JaegerTraceContextHeaderName string `json:"jaeger-trace-context-header-name"`
// JaegerDebugHeader specifies the header name used for force sampling
// Default: jaeger-debug-id
JaegerDebugHeader string `json:"jaeger-debug-header"`
// JaegerBaggageHeader specifies the header name used to submit baggage if there is no root span
// Default: jaeger-baggage
JaegerBaggageHeader string `json:"jaeger-baggage-header"`
// TraceBaggageHeaderPrefix specifies the header prefix used to propagate baggage
// Default: uberctx-
JaegerTraceBaggageHeaderPrefix string `json:"jaeger-tracer-baggage-header-prefix"`
// DatadogCollectorHost specifies the datadog agent host to use when uploading traces
DatadogCollectorHost string `json:"datadog-collector-host"`
// DatadogCollectorPort specifies the port to use when uploading traces
// Default: 8126
DatadogCollectorPort int `json:"datadog-collector-port"`
// DatadogEnvironment specifies the environment this trace belongs to.
// Default: prod
DatadogEnvironment string `json:"datadog-environment"`
// DatadogServiceName specifies the service name to use for any traces created
// Default: nginx
DatadogServiceName string `json:"datadog-service-name"`
// DatadogOperationNameOverride overrides the operation naem to use for any traces crated
// Default: nginx.handle
DatadogOperationNameOverride string `json:"datadog-operation-name-override"`
// DatadogSampleRate specifies sample rate for any traces created.
// Default: use a dynamic rate instead
DatadogSampleRate *float32 `json:"datadog-sample-rate,omitempty"`
// MainSnippet adds custom configuration to the main section of the nginx configuration // MainSnippet adds custom configuration to the main section of the nginx configuration
MainSnippet string `json:"main-snippet"` MainSnippet string `json:"main-snippet"`
@ -991,9 +887,8 @@ func NewDefault() Configuration {
LimitConnZoneVariable: defaultLimitConnZoneVariable, LimitConnZoneVariable: defaultLimitConnZoneVariable,
BindAddressIpv4: defBindAddress, BindAddressIpv4: defBindAddress,
BindAddressIpv6: defBindAddress, BindAddressIpv6: defBindAddress,
OpentracingTrustIncomingSpan: true,
OpentelemetryTrustIncomingSpan: true, OpentelemetryTrustIncomingSpan: true,
OpentelemetryConfig: "/etc/nginx/opentelemetry.toml", OpentelemetryConfig: "/etc/ingress-controller/telemetry/opentelemetry.toml",
OtlpCollectorPort: "4317", OtlpCollectorPort: "4317",
OtelServiceName: "nginx", OtelServiceName: "nginx",
OtelSampler: "AlwaysOn", OtelSampler: "AlwaysOn",
@ -1002,21 +897,6 @@ func NewDefault() Configuration {
OtelScheduleDelayMillis: 5000, OtelScheduleDelayMillis: 5000,
OtelMaxExportBatchSize: 512, OtelMaxExportBatchSize: 512,
OtelMaxQueueSize: 2048, OtelMaxQueueSize: 2048,
ZipkinCollectorPort: 9411,
ZipkinServiceName: "nginx",
ZipkinSampleRate: 1.0,
JaegerCollectorPort: 6831,
JaegerPropagationFormat: "jaeger",
JaegerServiceName: "nginx",
JaegerSamplerType: "const",
JaegerSamplerParam: "1",
JaegerSamplerPort: 5778,
JaegerSamplerHost: "http://127.0.0.1",
DatadogServiceName: "nginx",
DatadogEnvironment: "prod",
DatadogCollectorPort: 8126,
DatadogOperationNameOverride: "nginx.handle",
DatadogSampleRate: nil,
LimitReqStatusCode: 503, LimitReqStatusCode: 503,
LimitConnStatusCode: 503, LimitConnStatusCode: 503,
SyslogPort: 514, SyslogPort: 514,

1
internal/ingress/controller/controller.go
View file

@ -1507,7 +1507,6 @@ func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress)
loc.ExternalAuth = anns.ExternalAuth loc.ExternalAuth = anns.ExternalAuth
loc.EnableGlobalAuth = anns.EnableGlobalAuth loc.EnableGlobalAuth = anns.EnableGlobalAuth
loc.HTTP2PushPreload = anns.HTTP2PushPreload loc.HTTP2PushPreload = anns.HTTP2PushPreload
loc.Opentracing = anns.Opentracing
loc.Opentelemetry = anns.Opentelemetry loc.Opentelemetry = anns.Opentelemetry
loc.Proxy = anns.Proxy loc.Proxy = anns.Proxy
loc.ProxySSL = anns.ProxySSL loc.ProxySSL = anns.ProxySSL

Some files were not shown because too many files have changed in this diff Show more